The Privacy Regulations Episode
Transcript
Introduction to the Guest and Topic:
Host Allie Krings introduces Gene Fry, a privacy professional with deep experience in healthcare, compliance, and regulatory monitoring. Gene began her career in the mid-1990s during the emergence of HIPAA, working first on the technical security side before moving into compliance. Her background gives her a long-term perspective on how privacy expectations and regulations have evolved over the past several decades.
What Are Privacy Regulations?
Privacy regulations have existed for many years across different industries, including healthcare, finance, and government. In the U.S., laws historically developed sector-by-sector rather than at a national level, resulting in a patchwork of rules. Other countries have long had national privacy laws. As technology and data collection practices have expanded, the regulatory landscape has changed significantly, requiring organizations to continually adapt to new obligations and expectations.
Why Is It Difficult to Stay Up to Date?
Staying informed requires understanding every area of the business and all regulations that apply. Companies in multiple sectors—like healthcare and finance—must track several regulatory frameworks simultaneously. Because updates happen often, compliance officers must regularly read industry publications, attend conferences, monitor government updates, and follow regulatory experts. Missing even small changes is easy due to the speed at which technology and privacy expectations evolve.
How Can We Keep Up with Changing Regulations?
Compliance teams rely on curated information sources to stay informed. Email digests, regulatory update services, and professional platforms like LinkedIn help consolidate updates in one place. Many law firms, privacy authorities, and industry organizations publish regular alerts to summarize changes. Even with these tools, individuals must invest ongoing time to read, interpret, and implement necessary updates within their organizations.
Examples of Privacy Regulations in Action:
California became a leading state in the U.S. by implementing the first major consumer-focused privacy law. Legal update platforms such as Lexology publish attorney-authored articles analyzing new laws, court rulings, and enforcement actions across different countries and states. As more states pass their own privacy laws—now nine and growing—companies must update their privacy notices, modify data practices, and refine internal controls to remain compliant.
Recommended Resources for Tracking Regulations:
Gene highlights several trustworthy sources for monitoring changes. For GDPR, resources like GDPR Buzz, Compliance Junction, and updates from Data Protection Authorities (DPAs) are valuable. The U.K.’s Information Commissioner’s Office (ICO) is widely considered one of the strongest, most reliable authorities for understanding data protection practices. These resources provide clarity, guidance, and official interpretations that help businesses maintain compliance.
Why Privacy Regulations Matter to Gene:
Gene’s interest began during the early days of HIPAA when healthcare organizations were learning how to protect sensitive patient information. Over time, as data breaches increased and technology advanced, she saw privacy becoming a broader societal issue. This reinforced her belief that U.S. consumers would eventually receive more protections. Today’s expansion of state privacy laws confirms that shift and highlights the growing need for individuals to have control over how their data is used.
How Consumers Are Affected by Data Collection Practices:
Many consumers agree to terms and conditions without realizing the extent of data collection involved. Historically, companies collected large amounts of personal information without meaningful consent or transparency. Newer regulations aim to change this by requiring companies to disclose how data is used, who it is shared with, and how long it is retained. Consumers now have more visibility into—and more control over—what happens to their personal information.
Recent Changes in Privacy Practices:
Following California’s lead, companies across the U.S. have updated privacy notices, clarified data processing practices, and made consumer rights easier to understand. Many organizations now must describe how long they store data, how consumers can submit requests, and what types of data they collect. These changes reflect a broader shift toward transparency and accountability driven by state-level legislation and consumer expectations.
Key Takeaways for Organizations:
Gene emphasizes that privacy regulation in the U.S. will likely continue to expand at the state level rather than through a single national law. Companies must remain proactive, as failure to comply can lead to significant fines and reputational harm. Leaders—from compliance officers to executives—must understand their responsibilities and ensure their teams stay informed and prepared for ongoing changes.
Notes
In this episode, host Allie Krings sits down with Gene Fry to learn more about privacy regulations. Understanding privacy regulations is essential to making informed cybersecurity decisions, and this podcast explains the key requirements and their impact in clear, practical terms.
At KirkpatrickPrice, we’re on a mission to help 10,000 organizations raise the bar for cybersecurity and compliance. If you’re going to invest in an audit, it should deliver real value. That’s why we partner with you from audit readiness to final report, ensuring you get the assurance you deserve.